WordPress.org

BulletProof Security
[resolved] Blackhole Exploit Kit (14 posts)

  1. Daniella
    Member
    Posted 1 year ago #

    Hi,
    I'm using this plugin and was informed that two sites have the Blackhole Exploit virus. I scanned them using the AVG online tool: http://www.avg.com.au/resources/web-page-scanner/
    When I run the website scan via BPS/Sucuri, the results are clean.
    Any ideas what is going on?
    Thank you.

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Who informed you that a Blackhole Exploit virus exists on the sites? Did they tell you where?

    The only logical thing I can think of that they might be misinterpreting would be the 403.php template for error logging. It is similar to what a Blackhole Exploit might do.

    When a 403 error occurs the person is sent to the 403.php error logging template file to log the error.

  3. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Can this Thread be resolved? If so, please resolve it. Thanks.

  4. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Resolving.

  5. TBE Nederland
    Member
    Posted 1 year ago #

    Hello,

    I am having a similar problem.

    I also scanned my website with AVG and there are 2 threat types found, a Blackhole Exploit Kit and a JavaScript Obfuscation.

    According to BPS/Sucuri the site is clean.

    Google Webmaster Tools informed me that there is malware found on my site. Doesn't BulletProof Security protect against these threats?

  6. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Your site probably is clean then. One of the problems with scanners is it is impossible to make them 100% accurate because scanners are programmed to look for code patterns and sometimes see legitimate code as malicious code - false flags/false alerts.

    So what I recommend is that you check with AVG to find out why these threats are being detected. From time to time my Internet security app sees legitimate code as malicious code and this is a false flag/false alert 1 out of 10 times and the creators of this app usually fix this issue within a day.

  7. The Hack Repair Guy
    Member
    Posted 1 year ago #

    Agreed.
    I receive a good number of calls each month specific to AVG scanner software. AVG software shows client's site as compromised, apparently due to long but legitimate JavaScript strings, or long login link, like this example:
    http://my+site.com/?password-protected=login&redirect_to=http%3A%2F%2Fwww.my+site.com%2F%3Fdoing_wp_cron%3D1368628417.3787839412689208984375

    Then, once one of these software programs, like AVG or McAfee, states a site is compromised, this may then start a chain reaction where other lesser scanners pop up with similar malware alerts, a knee-jerk reaction to the scanners higher up in the food chain.

    Once you submit a clear or review request for the website in question, it usually takes up to a week for the situation to fully clear up.
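
An added example, not part of the original posts: a short triage script for a scanner-flagged URL like the login link quoted above. It shows a length-and-escape heuristic firing on the link, then decodes the link to confirm the redirect stays on the same site. The host `example.test`, the function names and the thresholds are assumptions made for illustration; this is not how AVG or any other named scanner works.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample modelled on the login link quoted in the thread
# (example.test is a placeholder host).
FLAGGED = ("http://example.test/?password-protected=login&redirect_to="
           "http%3A%2F%2Fwww.example.test%2F%3Fdoing_wp_cron%3D"
           "1368628417.3787839412689208984375")


def naive_flag(url, max_len=100, max_escapes=5):
    """Hypothetical pattern heuristic: long URL with many %XX escapes."""
    return len(url) > max_len and url.count("%") > max_escapes


def base_host(host):
    """Strip a leading 'www.' so www.example.test matches example.test."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host


def triage(url):
    """Decode the flagged URL and report what it actually contains."""
    outer = urlsplit(url)
    params = parse_qs(outer.query, keep_blank_values=True)
    findings = {"host": outer.hostname, "params": sorted(params),
                "redirect": None, "same_site": None, "inner_params": []}
    target = params.get("redirect_to", [None])[0]
    if target is not None:
        inner = urlsplit(target)  # parse_qs already percent-decoded it
        findings["redirect"] = target
        # Same site means an http(s) target on the same base host.
        findings["same_site"] = (
            inner.scheme in ("http", "https")
            and base_host(inner.hostname) == base_host(outer.hostname))
        findings["inner_params"] = sorted(parse_qs(inner.query))
    return findings


if __name__ == "__main__":
    print("heuristic flags it:", naive_flag(FLAGGED))
    for key, value in triage(FLAGGED).items():
        print(f"{key}: {value}")
```

A `same_site` value of `False` on a flagged link is the case worth escalating rather than reporting as a false alert.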

  8. TBE Nederland
    Member
    Posted 1 year ago #

    Well, I have asked the one who installed our website to check it, and he also found malware. So this means that this malware hasn't been detected by BPS? I am a bit disappointed because I thought that the website was safe with BPS.

    If you want to look at our site, here is a short url: http://iturl.nl/snowfB

    Best Regards,
    TBE

  9. Daniella
    Member
    Posted 1 year ago #

    Sorry, I didn't respond....email issues. This thread is resolved on my end and I appreciated your help.

  10. TBE Nederland
    Member
    Posted 1 year ago #

    Yes, your issue has been resolved, but I have the same issue ;). That is why I replied in this topic.

    So I hope they will give a reply to my last post.

    With best regards,
    TBE

  11. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    I already did respond. You need to contact AVG to find out why their scanner is seeing a false flag/false alert. Or if it actually is some malicious code then AVG will be able to tell you that. Most likely it is a false flag/false alert and AVG will need to make a correction to their scanner check/code. If your site has been mistakenly blacklisted then you would need to request that it be un-blacklisted by whomever blacklists your site, i.e. AVG, McAfee, etc.

  12. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    I forgot to mention that I have scanned your site and I did not find any malware on the site.

  13. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Also forgot to mention this. When you use a Minify plugin or use a minification feature in a plugin then this can trigger false alerts/false flags. Also minifying in general can actually make code/scripts less secure and cause vulnerabilities/exploits if the original code is minified in a way that the built-in security protection in that script is no longer working correctly since it has been minified. This does not happen in every case, but I have found that this does happen in some cases depending on many different technical factors.

    In my professional opinion you should never minify frontloading js scripts. All minifying plugins allow you to exclude js scripts from being minified.

  14. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Also if a script is minified in a way that BPS can no longer protect it then it will no longer be protected by BPS. ;) It just depends on how the script is minified and how that minified script is processed. Once again there are many technical factors involved and a definite answer could not be given per script unless the minified code/script was tested for exploits/vulnerabilities by attempting to exploit it to get conclusive results.

Topic Closed

This topic has been closed to new replies.